| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Tcbhn wurde beendet und geschlossen - Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.06.2013, 10:12
| #1 |
| |  Tcbhn wurde beendet und geschlossen - Virus? Moin! Mir wird seit geraumer Zeit schon eine Meldung beim hochfahren angezeigt, die folgendes beinhaltet: "Tcbhn wurde beendet und geschlossen" Ich habe zwar schon andere Beiträge gelesen, kann dem aber nicht so ganz folgen. Nun bin ich auch nicht wahrhaftig ausreichend versiert auf dem Gebiet und brauche eure Hilfe, ich weiß nicht, ob es ein Virus ist?! Beste Grüße und vielen Dank soweit schon mal! |
|
06.06.2013, 10:14
| #2 |
| /// Malware-holic   | Tcbhn wurde beendet und geschlossen - Virus? hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
06.06.2013, 10:46
| #3 |
| | Tcbhn wurde beendet und geschlossen - Virus? Vielen Dank für die schnelle Antwort!!
__________________Hier einmal der Inhalt aus dem OTL und den Extras Code:
ATTFilter OTL logfile created on: 06.06.2013 11:20:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Martha\Eigene Dateien Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,89% Memory free 3,33 Gb Paging File | 3,01 Gb Available in Paging File | 90,49% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 79,99 Gb Total Space | 24,09 Gb Free Space | 30,12% Space Free | Partition Type: NTFS Drive D: | 61,20 Gb Total Space | 53,63 Gb Free Space | 87,63% Space Free | Partition Type: NTFS Computer Name: DENNIS | User Name: Martha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.06 11:18:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Martha\Eigene Dateien\OTL.exe PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.12.06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\SyncServer.exe PRC - [2012.11.28 15:13:24 | 000,013,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe PRC - [2012.10.30 18:31:05 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe PRC - [2011.02.25 12:52:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\YouCam\YCMMirage.exe PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe PRC - [2008.09.03 19:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe PRC - [2008.09.03 11:34:42 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDCTRL.EXE PRC - [2008.09.02 20:32:00 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe PRC - [2008.09.02 20:28:14 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe PRC - [2008.08.22 17:18:44 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDDECT.EXE PRC - [2008.05.21 01:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll MOD - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.07.30 10:55:02 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.05.31 14:25:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.15 09:05:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2010.07.28 09:14:14 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2008.08.12 16:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008.07.24 17:37:16 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.07.24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008.07.24 17:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.05.30 11:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.04.08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2008.03.28 17:38:16 | 000,625,024 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2008.03.11 19:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008.03.10 18:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2008.02.04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007.05.03 04:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Programme\Mozilla Firefox 4.0 Beta 8\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Programme\Mozilla Firefox 4.0 Beta 8\plugins [2013.05.31 14:24:03 | 000,000,000 | ---D | M] [2009.01.09 17:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Extensions [2013.01.30 11:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions [2013.01.30 11:49:08 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com [2012.09.14 18:45:20 | 000,621,521 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\testpilot@labs.mozilla.com.xpi [2013.05.10 10:59:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2013.04.03 14:17:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire [2013.06.05 16:15:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1dd4a0fdeff86d7113af5bf9018092d1_expire [2013.03.25 18:16:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire [2013.06.05 16:15:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire [2013.04.03 10:26:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2013.02.20 10:37:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2013.03.25 18:16:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\38126fd00e0eb9d5ca912a5939b4755d_expire [2013.06.06 10:49:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\477177151e09e6e11822eacf0cc8bdc5_expire [2013.06.05 09:05:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2013.03.25 18:16:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8_expire [2013.06.05 16:15:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6d0e7c50b1f5d67f61ee9a2f5654f096_expire [2013.03.25 18:51:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\72891ec935a3d247f2da6562ef29a005_expire [2013.03.25 19:16:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a2853631512ec717cfd936b9a1f41b5c_expire [2013.03.25 17:50:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2013.03.25 18:51:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire [2013.06.06 11:06:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b4e6d346c3e211a88a4175dba0d9e052_expire [2013.03.25 17:50:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2013.06.06 11:06:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e440d29f88739418e905adc0a155a174_expire [2013.04.03 14:17:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire [2013.06.05 16:15:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2013.04.03 10:26:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2013.06.05 09:05:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2013.06.05 09:05:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Mozilla\Firefox\Profiles\b9vdsapd.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2011.05.15 11:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.22 17:43:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.05.08 09:39:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.12.22 17:42:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\GinyasBrowserCompanion\jsloader.dll ( ) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\GinyasBrowserCompanion\updatebhoWin32.dll ( ) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [ETDWareDetect] C:\Programme\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [YouCam Mirage] C:\Programme\CyberLink\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Programme\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231569339747 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231569328482 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B87B4F0-74D3-41A6-82F6-73C946D57F7D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.11 16:19:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597) ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.06 11:17:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Martha\Eigene Dateien\OTL.exe [2013.06.06 10:41:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2013.06.06 10:39:42 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2013.06.06 10:39:27 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2013.06.06 10:39:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.06.06 10:30:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.31 14:21:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 8 [2013.05.29 10:55:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Martha\Downloads [2013.05.27 14:28:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free M4a to MP3 Converter [2013.05.27 14:28:15 | 000,000,000 | ---D | C] -- C:\Programme\Free M4a to MP3 Converter [2013.05.07 13:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Martha\.thumbnails [2013.05.07 13:44:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\fontconfig [2013.05.07 13:44:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Martha\.gimp-2.8 [2013.05.07 13:44:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\gegl-0.2 [2013.05.07 13:37:49 | 000,000,000 | ---D | C] -- C:\Programme\GIMP 2 [2013.05.07 13:35:07 | 076,902,472 | ---- | C] (The GIMP Team ) -- C:\Programme\gimp-2.8.4-setup.exe [2013.04.17 06:28:21 | 013,092,648 | ---- | C] (Nullsoft, Inc.) -- C:\Programme\winamp563_full_emusic-7plus_de-de.exe [2012.10.18 22:06:46 | 017,813,784 | ---- | C] (Dropbox, Inc.) -- C:\Programme\Dropbox 1.4.17.exe [2008.08.11 19:17:59 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe ========== Files - Modified Within 30 Days ========== [2013.06.06 11:29:02 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GinyasBrowserCompanion FireFox Watcher.job [2013.06.06 11:26:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GinyasBrowserCompanion Stats Report.job [2013.06.06 11:18:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Martha\Eigene Dateien\OTL.exe [2013.06.06 11:04:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.06 11:03:57 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GinyasBrowserCompanion Update Checker.job [2013.06.06 10:54:47 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.06.06 10:53:52 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2013.06.06 10:49:02 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GinyasBrowserCompanion Chrome Watcher.job [2013.06.06 10:43:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.06 10:41:11 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.06.05 18:08:41 | 008,429,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Martha\Eigene Dateien\drumcheck.mp3 [2013.06.05 16:46:14 | 000,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Martha\Desktop\Eigene Musik.lnk [2013.06.03 14:41:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.15 12:31:42 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.15 10:32:01 | 000,462,744 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 10:32:01 | 000,444,450 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 10:32:01 | 000,085,766 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 10:32:01 | 000,072,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.15 10:26:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.08 10:45:54 | 000,010,339 | -HS- | M] () -- C:\Dokumente und Einstellungen\Martha\Eigene Dateien\Folder.jpg [2013.05.08 10:45:54 | 000,002,251 | -HS- | M] () -- C:\Dokumente und Einstellungen\Martha\Eigene Dateien\AlbumArtSmall.jpg [2013.05.07 13:47:14 | 000,001,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.05.07 13:35:36 | 076,902,472 | ---- | M] (The GIMP Team ) -- C:\Programme\gimp-2.8.4-setup.exe ========== Files Created - No Company Name ========== [2013.06.06 10:41:11 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.06.05 18:08:31 | 008,429,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Martha\Eigene Dateien\drumcheck.mp3 [2013.05.07 13:47:14 | 000,001,011 | ---- | C] () -- C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.05.07 13:44:08 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GIMP 2.lnk [2013.04.25 08:32:51 | 000,802,113 | ---- | C] () -- C:\Programme\Unlocker1.9.1.exe [2013.03.06 11:18:51 | 000,000,144 | ---- | C] () -- C:\Programme\file_id.diz [2012.05.08 09:41:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010.12.28 18:10:56 | 000,067,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.09 06:16:38 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Martha\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.08.11 18:46:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.11.05 07:04:20 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.06.06 10:41:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011.06.30 20:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO [2013.06.06 11:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GinyasBrowserCompanion [2013.01.25 20:37:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek [2011.07.17 10:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2013.05.31 13:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Audacity [2013.02.28 15:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Dropbox [2011.06.30 20:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\go [2013.04.25 08:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\QuickStoresToolbar [2012.09.05 18:00:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Smart PC Solutions [2013.05.08 11:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Spotify [2011.01.02 19:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\StarOffice8 ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.06.06 10:43:39 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.01.09 06:16:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.08.11 17:57:31 | 000,000,000 | ---D | M] -- C:\Intel [2009.01.10 08:24:49 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.06.06 10:39:42 | 000,000,000 | R--D | M] -- C:\Programme [2009.01.09 19:54:34 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2009.01.09 06:15:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.06.06 10:44:33 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2012.10.18 22:07:03 | 017,813,784 | ---- | M] (Dropbox, Inc.) -- C:\Programme\Dropbox 1.4.17.exe [2013.05.07 13:35:36 | 076,902,472 | ---- | M] (The GIMP Team ) -- C:\Programme\gimp-2.8.4-setup.exe [2008.05.07 16:34:00 | 015,523,560 | ---- | M] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [2013.04.25 08:33:11 | 000,802,113 | ---- | M] () -- C:\Programme\Unlocker1.9.1.exe [2013.04.17 06:29:04 | 013,092,648 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\winamp563_full_emusic-7plus_de-de.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 14:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 14:00:00 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 14:00:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 14:00:00 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2008.08.11 16:04:28 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2008.08.11 16:22:58 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012.07.08 00:42:20 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2013.01.24 16:25:32 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2013.01.30 11:49:09 | 000,001,072 | ---- | C] () -- C:\WINDOWS\Tasks\GinyasBrowserCompanion FireFox Watcher.job [2013.01.30 11:49:12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Tasks\GinyasBrowserCompanion Chrome Watcher.job [2013.01.30 11:49:15 | 000,001,072 | ---- | C] () -- C:\WINDOWS\Tasks\GinyasBrowserCompanion Stats Report.job [2013.01.30 11:49:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Tasks\GinyasBrowserCompanion Update Checker.job [2013.02.15 08:45:43 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2013.02.15 08:46:57 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.08.11 18:10:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.08.11 18:10:41 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.08.11 18:10:41 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.06.06 10:42:49 | 005,505,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Martha\NTUSER.DAT [2013.06.06 11:34:33 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Martha\ntuser.dat.LOG [2013.06.06 10:42:49 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Martha\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.06.2013 11:20:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Martha\Eigene Dateien
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,89% Memory free
3,33 Gb Paging File | 3,01 Gb Available in Paging File | 90,49% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,99 Gb Total Space | 24,09 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 61,20 Gb Total Space | 53,63 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
Computer Name: DENNIS | User Name: Martha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Martha\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\SoulseekNS\slsk.exe" = C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 2.0.3
"Elantech" = ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
"Electronic Piano 2.5_is1" = Electronic Piano 2.5
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"GIMP-2_is1" = GIMP 2.8.4
"GinyasBrowserCompanion" = GinyasBrowserCompanion
"Guitar Pro 5_is1" = Guitar Pro 5.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"Soulseek2" = SoulSeek 157 NS 13e
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.5
"WAV To MP3_is1" = WAV To MP3 V2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.03.2013 09:57:58 | Computer Name = NETBOOKSANDRA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2907
Error - 19.03.2013 09:57:58 | Computer Name = NETBOOKSANDRA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2907
Error - 28.03.2013 15:54:45 | Computer Name = NETBOOKSANDRA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 31.03.2013 12:19:53 | Computer Name = NETBOOKSANDRA | Source = Microsoft Security Client | ID = 5000
Description =
Error - 02.04.2013 09:50:48 | Computer Name = NETBOOKSANDRA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.04.2013 09:50:48 | Computer Name = NETBOOKSANDRA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2469
Error - 02.04.2013 09:50:48 | Computer Name = NETBOOKSANDRA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2469
Error - 19.04.2013 04:49:06 | Computer Name = NETBOOKSANDRA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tbhcn.exe, Version 1.0.0.5, fehlgeschlagenes
Modul tbhcn.exe, Version 1.0.0.5, Fehleradresse 0x0007a2fd.
Error - 22.04.2013 15:20:21 | Computer Name = NETBOOKSANDRA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tbhcn.exe, Version 1.0.0.5, fehlgeschlagenes
Modul tbhcn.exe, Version 1.0.0.5, Fehleradresse 0x0007a2fd.
Error - 22.04.2013 15:20:39 | Computer Name = NETBOOKSANDRA | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich -932636728.
[ System Events ]
Error - 26.04.2013 15:38:52 | Computer Name = NETBOOKSANDRA | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 26.04.2013 15:45:42 | Computer Name = NETBOOKSANDRA | Source = System Error | ID = 1003
Description = Fehlercode 000000f4, 1. Parameter 00000003, 2. Parameter 89aa9500,
3. Parameter 89aa9674, 4. Parameter 805d22aa.
Error - 12.05.2013 11:20:40 | Computer Name = DENNIS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
0015AFDD56B7 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 14.05.2013 10:28:21 | Computer Name = DENNIS | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.149.1788.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 14.05.2013 11:37:55 | Computer Name = DENNIS | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.149.1788.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 15.05.2013 02:43:42 | Computer Name = DENNIS | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.149.1788.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 15.05.2013 06:43:24 | Computer Name = DENNIS | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.149.1788.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 15.05.2013 14:17:10 | Computer Name = DENNIS | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.149.1788.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 01.06.2013 14:20:07 | Computer Name = DENNIS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
0015AFDD56B7 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 03.06.2013 08:42:04 | Computer Name = DENNIS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.106 für die Netzwerkkarte mit der Netzwerkadresse
0015AFDD56B7 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
< End of report >
|
|
06.06.2013, 10:50
| #4 |
| /// Malware-holic | Tcbhn wurde beendet und geschlossen - Virus? Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.06.2013, 11:01
| #5 |
| | Tcbhn wurde beendet und geschlossen - Virus? Alles klar, hier der Inhalt vom TDSS Killer: Code:
ATTFilter 11:54:14.0843 3540 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:54:14.0968 3540 ============================================================
11:54:14.0968 3540 Current date / time: 2013/06/06 11:54:14.0968
11:54:14.0968 3540 SystemInfo:
11:54:14.0968 3540
11:54:14.0968 3540 OS Version: 5.1.2600 ServicePack: 3.0
11:54:14.0968 3540 Product type: Workstation
11:54:14.0968 3540 ComputerName: DENNIS
11:54:14.0968 3540 UserName: Martha
11:54:14.0968 3540 Windows directory: C:\WINDOWS
11:54:14.0968 3540 System windows directory: C:\WINDOWS
11:54:14.0968 3540 Processor architecture: Intel x86
11:54:14.0968 3540 Number of processors: 2
11:54:14.0968 3540 Page size: 0x1000
11:54:14.0968 3540 Boot type: Normal boot
11:54:14.0968 3540 ============================================================
11:54:18.0515 3540 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x976A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x80, Type 'K0', Flags 0x00000054
11:54:18.0562 3540 ============================================================
11:54:18.0562 3540 \Device\Harddisk0\DR0:
11:54:18.0578 3540 MBR partitions:
11:54:18.0578 3540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9FF9EC1
11:54:18.0578 3540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9FF9F00, BlocksNum 0x7A68980
11:54:18.0578 3540 ============================================================
11:54:18.0625 3540 C: <-> \Device\Harddisk0\DR0\Partition1
11:54:18.0718 3540 D: <-> \Device\Harddisk0\DR0\Partition2
11:54:18.0718 3540 ============================================================
11:54:18.0718 3540 Initialize success
11:54:18.0718 3540 ============================================================
11:56:56.0671 2040 ============================================================
11:56:56.0671 2040 Scan started
11:56:56.0671 2040 Mode: Manual; SigCheck; TDLFS;
11:56:56.0671 2040 ============================================================
11:56:57.0734 2040 ================ Scan system memory ========================
11:56:57.0734 2040 System memory - ok
11:56:57.0734 2040 ================ Scan services =============================
11:56:57.0843 2040 Abiosdsk - ok
11:56:57.0859 2040 abp480n5 - ok
11:56:57.0906 2040 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:56:59.0062 2040 ACPI - ok
11:56:59.0109 2040 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:56:59.0328 2040 ACPIEC - ok
11:56:59.0437 2040 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:56:59.0484 2040 AdobeFlashPlayerUpdateSvc - ok
11:56:59.0484 2040 adpu160m - ok
11:56:59.0546 2040 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:56:59.0734 2040 aec - ok
11:56:59.0812 2040 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:56:59.0921 2040 AFD - ok
11:56:59.0937 2040 Aha154x - ok
11:56:59.0953 2040 aic78u2 - ok
11:56:59.0953 2040 aic78xx - ok
11:57:00.0000 2040 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:57:00.0234 2040 Alerter - ok
11:57:00.0265 2040 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
11:57:00.0406 2040 ALG - ok
11:57:00.0406 2040 AliIde - ok
11:57:00.0421 2040 amsint - ok
11:57:00.0625 2040 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:57:00.0687 2040 Apple Mobile Device - ok
11:57:00.0687 2040 AppMgmt - ok
11:57:00.0750 2040 [ 6D5F95602B8D0D994D31A864872B38EF ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
11:57:00.0875 2040 AR5211 - ok
11:57:00.0890 2040 asc - ok
11:57:00.0906 2040 asc3350p - ok
11:57:00.0921 2040 asc3550 - ok
11:57:01.0296 2040 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:57:01.0328 2040 aspnet_state - ok
11:57:01.0390 2040 [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
11:57:01.0468 2040 AsusACPI - ok
11:57:01.0531 2040 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:57:01.0734 2040 AsyncMac - ok
11:57:01.0781 2040 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:57:02.0000 2040 atapi - ok
11:57:02.0000 2040 Atdisk - ok
11:57:02.0031 2040 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:57:02.0218 2040 Atmarpc - ok
11:57:02.0265 2040 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:57:02.0453 2040 AudioSrv - ok
11:57:02.0515 2040 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:57:02.0734 2040 audstub - ok
11:57:02.0796 2040 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:57:02.0984 2040 Beep - ok
11:57:03.0031 2040 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
11:57:03.0234 2040 BITS - ok
11:57:03.0328 2040 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
11:57:03.0375 2040 Bonjour Service - ok
11:57:03.0437 2040 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
11:57:03.0531 2040 Browser - ok
11:57:03.0609 2040 [ 4B43DFE1C1FBB305A1DC5504EF9BB34E ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
11:57:03.0703 2040 btaudio - ok
11:57:03.0781 2040 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
11:57:03.0828 2040 BTDriver - ok
11:57:03.0890 2040 [ B4355289CB2EBCC91AE995F916D271B7 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:57:04.0015 2040 BTKRNL - ok
11:57:04.0125 2040 [ 31B026ADD54CBD695709E56D7677A07B ] btwdins C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
11:57:04.0171 2040 btwdins - ok
11:57:04.0218 2040 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:57:04.0250 2040 BTWDNDIS - ok
11:57:04.0281 2040 [ 949ECA9C56F657C06D3166D51F3226C7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
11:57:04.0296 2040 btwhid - ok
11:57:04.0359 2040 [ FAC7E5965162C70D184DFE92B4BCBD1B ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
11:57:04.0375 2040 BTWUSB - ok
11:57:04.0421 2040 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:57:04.0609 2040 cbidf2k - ok
11:57:04.0640 2040 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:57:04.0875 2040 CCDECODE - ok
11:57:04.0890 2040 cd20xrnt - ok
11:57:04.0937 2040 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:57:05.0125 2040 Cdaudio - ok
11:57:05.0156 2040 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:57:05.0375 2040 Cdfs - ok
11:57:05.0421 2040 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:57:05.0640 2040 Cdrom - ok
11:57:05.0640 2040 Changer - ok
11:57:05.0671 2040 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:57:05.0890 2040 CiSvc - ok
11:57:05.0921 2040 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:57:06.0125 2040 ClipSrv - ok
11:57:06.0156 2040 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:57:06.0187 2040 clr_optimization_v2.0.50727_32 - ok
11:57:06.0234 2040 [ D40A408169301B5CF70A82E4D343934F ] clwvd C:\WINDOWS\system32\DRIVERS\clwvd.sys
11:57:06.0265 2040 clwvd - ok
11:57:06.0312 2040 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:57:06.0515 2040 CmBatt - ok
11:57:06.0531 2040 CmdIde - ok
11:57:06.0546 2040 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:57:06.0765 2040 Compbatt - ok
11:57:06.0765 2040 COMSysApp - ok
11:57:06.0796 2040 Cpqarray - ok
11:57:06.0843 2040 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:57:07.0046 2040 CryptSvc - ok
11:57:07.0062 2040 dac2w2k - ok
11:57:07.0062 2040 dac960nt - ok
11:57:07.0125 2040 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:57:07.0203 2040 DcomLaunch - ok
11:57:07.0234 2040 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:57:07.0453 2040 Dhcp - ok
11:57:07.0515 2040 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:57:07.0703 2040 Disk - ok
11:57:07.0718 2040 dmadmin - ok
11:57:07.0781 2040 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:57:08.0000 2040 dmboot - ok
11:57:08.0031 2040 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:57:08.0250 2040 dmio - ok
11:57:08.0296 2040 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:57:08.0484 2040 dmload - ok
11:57:08.0515 2040 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:57:08.0703 2040 dmserver - ok
11:57:08.0750 2040 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:57:08.0937 2040 DMusic - ok
11:57:08.0984 2040 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:57:09.0109 2040 Dnscache - ok
11:57:09.0125 2040 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:57:09.0359 2040 Dot3svc - ok
11:57:09.0359 2040 dpti2o - ok
11:57:09.0406 2040 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:57:09.0625 2040 drmkaud - ok
11:57:09.0656 2040 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:57:09.0843 2040 EapHost - ok
11:57:09.0906 2040 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:57:10.0125 2040 ERSvc - ok
11:57:10.0156 2040 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
11:57:10.0203 2040 Eventlog - ok
11:57:10.0234 2040 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
11:57:10.0281 2040 EventSystem - ok
11:57:10.0328 2040 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:57:10.0515 2040 Fastfat - ok
11:57:10.0578 2040 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:57:10.0640 2040 FastUserSwitchingCompatibility - ok
11:57:10.0671 2040 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:57:10.0890 2040 Fdc - ok
11:57:10.0906 2040 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:57:11.0109 2040 Fips - ok
11:57:11.0125 2040 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:57:11.0328 2040 Flpydisk - ok
11:57:11.0359 2040 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:57:11.0578 2040 FltMgr - ok
11:57:11.0625 2040 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:57:11.0656 2040 FontCache3.0.0.0 - ok
11:57:11.0703 2040 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:57:11.0921 2040 Fs_Rec - ok
11:57:11.0953 2040 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:57:12.0156 2040 Ftdisk - ok
11:57:12.0218 2040 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:57:12.0250 2040 GEARAspiWDM - ok
11:57:12.0312 2040 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:57:12.0515 2040 Gpc - ok
11:57:12.0546 2040 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:57:12.0734 2040 HDAudBus - ok
11:57:12.0843 2040 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:57:13.0046 2040 helpsvc - ok
11:57:13.0062 2040 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
11:57:13.0250 2040 HidServ - ok
11:57:13.0281 2040 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:57:13.0468 2040 HidUsb - ok
11:57:13.0515 2040 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:57:13.0687 2040 hkmsvc - ok
11:57:13.0703 2040 hpn - ok
11:57:13.0750 2040 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:57:13.0828 2040 HTTP - ok
11:57:13.0859 2040 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:57:14.0078 2040 HTTPFilter - ok
11:57:14.0093 2040 i2omgmt - ok
11:57:14.0093 2040 i2omp - ok
11:57:14.0140 2040 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:57:14.0359 2040 i8042prt - ok
11:57:14.0625 2040 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:57:15.0046 2040 ialm - ok
11:57:15.0234 2040 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:57:15.0343 2040 idsvc - ok
11:57:15.0406 2040 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:57:15.0687 2040 Imapi - ok
11:57:15.0718 2040 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
11:57:15.0921 2040 ImapiService - ok
11:57:15.0937 2040 ini910u - ok
11:57:16.0125 2040 [ C73A4A48FBB3D00C7DBC6FE4F5E3675F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:57:16.0390 2040 IntcAzAudAddService - ok
11:57:16.0406 2040 IntelIde - ok
11:57:16.0468 2040 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:57:16.0703 2040 intelppm - ok
11:57:16.0718 2040 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:57:16.0953 2040 Ip6Fw - ok
11:57:16.0953 2040 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:57:17.0156 2040 IpFilterDriver - ok
11:57:17.0156 2040 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:57:17.0359 2040 IpInIp - ok
11:57:17.0375 2040 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:57:17.0578 2040 IpNat - ok
11:57:17.0656 2040 [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
11:57:17.0703 2040 iPod Service - ok
11:57:17.0765 2040 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:57:17.0953 2040 IPSec - ok
11:57:18.0000 2040 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:57:18.0109 2040 IRENUM - ok
11:57:18.0156 2040 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:57:18.0359 2040 isapnp - ok
11:57:18.0531 2040 [ A38441ED570F190CC041A7BE49488FA7 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
11:57:18.0578 2040 JavaQuickStarterService - ok
11:57:18.0609 2040 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:57:18.0828 2040 Kbdclass - ok
11:57:18.0859 2040 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:57:19.0156 2040 kbdhid - ok
11:57:19.0187 2040 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:57:19.0406 2040 kmixer - ok
11:57:19.0468 2040 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:57:19.0562 2040 KSecDD - ok
11:57:19.0609 2040 [ 6E775ADE642556C6D43450D16D763FC2 ] Ktp C:\WINDOWS\system32\DRIVERS\ETD.sys
11:57:19.0687 2040 Ktp - ok
11:57:19.0750 2040 [ 303627228DD739D98289679901A38C8F ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
11:57:19.0812 2040 L1e - ok
11:57:19.0859 2040 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:57:19.0921 2040 LanmanServer - ok
11:57:19.0984 2040 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:57:20.0109 2040 lanmanworkstation - ok
11:57:20.0109 2040 lbrtfdc - ok
11:57:20.0203 2040 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:57:20.0500 2040 LmHosts - ok
11:57:20.0515 2040 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:57:20.0750 2040 Messenger - ok
11:57:20.0796 2040 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:57:20.0968 2040 mnmdd - ok
11:57:21.0015 2040 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:57:21.0218 2040 mnmsrvc - ok
11:57:21.0234 2040 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:57:21.0468 2040 Modem - ok
11:57:21.0484 2040 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:57:21.0687 2040 Mouclass - ok
11:57:21.0734 2040 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:57:21.0937 2040 mouhid - ok
11:57:21.0953 2040 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:57:22.0156 2040 MountMgr - ok
11:57:22.0218 2040 [ 24E9DE03678EE5C91CB413EB251D8923 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
11:57:22.0250 2040 MozillaMaintenance - ok
11:57:22.0296 2040 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:57:22.0343 2040 MpFilter - ok
11:57:22.0343 2040 mraid35x - ok
11:57:22.0359 2040 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:57:22.0562 2040 MRxDAV - ok
11:57:22.0609 2040 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:57:22.0671 2040 MRxSmb - ok
11:57:22.0718 2040 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:57:22.0921 2040 MSDTC - ok
11:57:22.0953 2040 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:57:23.0156 2040 Msfs - ok
11:57:23.0171 2040 MSIServer - ok
11:57:23.0187 2040 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:57:23.0390 2040 MSKSSRV - ok
11:57:23.0500 2040 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc C:\Programme\Microsoft Security Client\MsMpEng.exe
11:57:23.0531 2040 MsMpSvc - ok
11:57:23.0562 2040 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:57:23.0890 2040 MSPCLOCK - ok
11:57:23.0906 2040 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:57:24.0187 2040 MSPQM - ok
11:57:24.0234 2040 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:57:24.0421 2040 mssmbios - ok
11:57:24.0453 2040 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
11:57:24.0656 2040 MSTEE - ok
11:57:24.0718 2040 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:57:24.0750 2040 Mup - ok
11:57:24.0796 2040 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:57:25.0015 2040 NABTSFEC - ok
11:57:25.0078 2040 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
11:57:25.0296 2040 napagent - ok
11:57:25.0359 2040 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:57:25.0562 2040 NDIS - ok
11:57:25.0578 2040 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:57:25.0796 2040 NdisIP - ok
11:57:25.0843 2040 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:57:25.0906 2040 NdisTapi - ok
11:57:25.0968 2040 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:57:26.0187 2040 Ndisuio - ok
11:57:26.0203 2040 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:57:26.0406 2040 NdisWan - ok
11:57:26.0453 2040 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:57:26.0515 2040 NDProxy - ok
11:57:26.0531 2040 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:57:26.0750 2040 NetBIOS - ok
11:57:26.0812 2040 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:57:27.0015 2040 NetBT - ok
11:57:27.0062 2040 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
11:57:27.0250 2040 NetDDE - ok
11:57:27.0265 2040 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:57:27.0453 2040 NetDDEdsdm - ok
11:57:27.0500 2040 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:57:27.0703 2040 Netlogon - ok
11:57:27.0734 2040 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
11:57:27.0953 2040 Netman - ok
11:57:28.0015 2040 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:57:28.0046 2040 NetTcpPortSharing - ok
11:57:28.0062 2040 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
11:57:28.0125 2040 Nla - ok
11:57:28.0171 2040 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:57:28.0359 2040 Npfs - ok
11:57:28.0390 2040 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:57:28.0609 2040 Ntfs - ok
11:57:28.0640 2040 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:57:28.0828 2040 NtLmSsp - ok
11:57:28.0859 2040 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:57:29.0062 2040 NtmsSvc - ok
11:57:29.0093 2040 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
11:57:29.0125 2040 NuidFltr - ok
11:57:29.0171 2040 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:57:29.0390 2040 Null - ok
11:57:29.0421 2040 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:57:29.0625 2040 NwlnkFlt - ok
11:57:29.0640 2040 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:57:29.0828 2040 NwlnkFwd - ok
11:57:29.0921 2040 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:57:29.0953 2040 ose - ok
11:57:30.0000 2040 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:57:30.0218 2040 Parport - ok
11:57:30.0281 2040 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:57:30.0484 2040 PartMgr - ok
11:57:30.0515 2040 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:57:30.0703 2040 ParVdm - ok
11:57:30.0718 2040 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:57:30.0937 2040 PCI - ok
11:57:30.0937 2040 PCIDump - ok
11:57:30.0953 2040 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:57:31.0140 2040 PCIIde - ok
11:57:31.0156 2040 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:57:31.0390 2040 Pcmcia - ok
11:57:31.0406 2040 PDCOMP - ok
11:57:31.0406 2040 PDFRAME - ok
11:57:31.0421 2040 PDRELI - ok
11:57:31.0421 2040 PDRFRAME - ok
11:57:31.0437 2040 perc2 - ok
11:57:31.0453 2040 perc2hib - ok
11:57:31.0500 2040 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
11:57:31.0531 2040 PlugPlay - ok
11:57:31.0531 2040 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:57:31.0734 2040 PolicyAgent - ok
11:57:31.0750 2040 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:57:31.0937 2040 PptpMiniport - ok
11:57:31.0968 2040 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:57:32.0156 2040 ProtectedStorage - ok
11:57:32.0171 2040 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:57:32.0375 2040 PSched - ok
11:57:32.0421 2040 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:57:32.0625 2040 Ptilink - ok
11:57:32.0687 2040 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:57:32.0718 2040 PxHelp20 - ok
11:57:32.0718 2040 ql1080 - ok
11:57:32.0734 2040 Ql10wnt - ok
11:57:32.0750 2040 ql12160 - ok
11:57:32.0765 2040 ql1240 - ok
11:57:32.0765 2040 ql1280 - ok
11:57:32.0796 2040 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:57:33.0000 2040 RasAcd - ok
11:57:33.0171 2040 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:57:33.0406 2040 RasAuto - ok
11:57:33.0437 2040 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:57:33.0656 2040 Rasl2tp - ok
11:57:33.0687 2040 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:57:33.0890 2040 RasMan - ok
11:57:33.0953 2040 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:57:34.0187 2040 RasPppoe - ok
11:57:34.0203 2040 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:57:34.0453 2040 Raspti - ok
11:57:34.0500 2040 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:57:34.0703 2040 Rdbss - ok
11:57:34.0750 2040 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:57:34.0953 2040 RDPCDD - ok
11:57:35.0062 2040 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:57:35.0296 2040 RDPWD - ok
11:57:35.0328 2040 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:57:35.0515 2040 RDSessMgr - ok
11:57:35.0546 2040 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:57:35.0765 2040 redbook - ok
11:57:35.0796 2040 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:57:35.0984 2040 RemoteAccess - ok
11:57:36.0031 2040 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:57:36.0250 2040 RpcLocator - ok
11:57:36.0296 2040 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:57:36.0343 2040 RpcSs - ok
11:57:36.0375 2040 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:57:36.0562 2040 RSVP - ok
11:57:36.0625 2040 [ 162D6AEE49372B9CE17C418CC5CDE7B5 ] RT80x86 C:\WINDOWS\system32\DRIVERS\RT2860.sys
11:57:36.0718 2040 RT80x86 - ok
11:57:36.0734 2040 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
11:57:36.0937 2040 SamSs - ok
11:57:36.0968 2040 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:57:37.0156 2040 SCardSvr - ok
11:57:37.0234 2040 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:57:37.0437 2040 Schedule - ok
11:57:37.0468 2040 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:57:37.0562 2040 Secdrv - ok
11:57:37.0593 2040 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
11:57:37.0812 2040 seclogon - ok
11:57:37.0859 2040 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
11:57:38.0062 2040 SENS - ok
11:57:38.0093 2040 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:57:38.0328 2040 Serial - ok
11:57:38.0375 2040 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:57:38.0578 2040 Sfloppy - ok
11:57:38.0640 2040 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:57:38.0843 2040 SharedAccess - ok
11:57:38.0875 2040 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:57:38.0906 2040 ShellHWDetection - ok
11:57:38.0921 2040 Simbad - ok
11:57:38.0953 2040 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:57:39.0156 2040 SLIP - ok
11:57:39.0171 2040 Sparrow - ok
11:57:39.0187 2040 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:57:39.0406 2040 splitter - ok
11:57:39.0453 2040 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:57:39.0515 2040 Spooler - ok
11:57:39.0578 2040 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:57:39.0703 2040 sr - ok
11:57:39.0718 2040 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
11:57:39.0812 2040 srservice - ok
11:57:39.0843 2040 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:57:39.0921 2040 Srv - ok
11:57:39.0968 2040 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:57:40.0093 2040 SSDPSRV - ok
11:57:40.0156 2040 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:57:40.0375 2040 stisvc - ok
11:57:40.0390 2040 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:57:40.0640 2040 streamip - ok
11:57:40.0687 2040 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:57:40.0875 2040 swenum - ok
11:57:40.0906 2040 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:57:41.0093 2040 swmidi - ok
11:57:41.0109 2040 SwPrv - ok
11:57:41.0109 2040 symc810 - ok
11:57:41.0125 2040 symc8xx - ok
11:57:41.0140 2040 sym_hi - ok
11:57:41.0140 2040 sym_u3 - ok
11:57:41.0187 2040 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:57:41.0390 2040 sysaudio - ok
11:57:41.0421 2040 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:57:41.0640 2040 SysmonLog - ok
11:57:41.0671 2040 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:57:41.0890 2040 TapiSrv - ok
11:57:41.0921 2040 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:57:41.0984 2040 Tcpip - ok
11:57:42.0000 2040 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:57:42.0234 2040 TDPIPE - ok
11:57:42.0234 2040 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:57:42.0421 2040 TDTCP - ok
11:57:42.0484 2040 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:57:42.0671 2040 TermDD - ok
11:57:42.0703 2040 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
11:57:42.0890 2040 TermService - ok
11:57:42.0921 2040 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:57:42.0937 2040 Themes - ok
11:57:42.0937 2040 TosIde - ok
11:57:43.0000 2040 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:57:43.0187 2040 TrkWks - ok
11:57:43.0234 2040 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:57:43.0453 2040 Udfs - ok
11:57:43.0453 2040 ultra - ok
11:57:43.0515 2040 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys
11:57:43.0515 2040 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
11:57:43.0515 2040 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
11:57:43.0593 2040 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:57:43.0796 2040 Update - ok
11:57:43.0828 2040 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:57:43.0937 2040 upnphost - ok
11:57:43.0968 2040 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
11:57:44.0156 2040 UPS - ok
11:57:44.0187 2040 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
11:57:44.0250 2040 USBAAPL - ok
11:57:44.0281 2040 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:57:44.0468 2040 usbccgp - ok
11:57:44.0531 2040 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:57:44.0734 2040 usbehci - ok
11:57:44.0796 2040 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:57:44.0984 2040 usbhub - ok
11:57:45.0031 2040 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:57:45.0250 2040 usbscan - ok
11:57:45.0281 2040 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:57:45.0515 2040 usbstor - ok
11:57:45.0562 2040 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:57:45.0765 2040 usbuhci - ok
11:57:45.0796 2040 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
11:57:46.0000 2040 usbvideo - ok
11:57:46.0031 2040 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:57:46.0250 2040 VgaSave - ok
11:57:46.0250 2040 ViaIde - ok
11:57:46.0312 2040 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:57:46.0515 2040 VolSnap - ok
11:57:46.0562 2040 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
11:57:46.0656 2040 VSS - ok
11:57:46.0703 2040 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
11:57:46.0921 2040 W32Time - ok
11:57:46.0953 2040 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:57:47.0156 2040 Wanarp - ok
11:57:47.0234 2040 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:57:47.0281 2040 Wdf01000 - ok
11:57:47.0296 2040 WDICA - ok
11:57:47.0359 2040 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:57:47.0531 2040 wdmaud - ok
11:57:47.0593 2040 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:57:47.0796 2040 WebClient - ok
11:57:47.0921 2040 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:57:48.0156 2040 winmgmt - ok
11:57:48.0203 2040 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:57:48.0265 2040 WmdmPmSN - ok
11:57:48.0312 2040 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:57:48.0546 2040 WmiApSrv - ok
11:57:48.0656 2040 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
11:57:48.0765 2040 WMPNetworkSvc - ok
11:57:48.0828 2040 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:57:49.0062 2040 wscsvc - ok
11:57:49.0078 2040 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:57:49.0312 2040 WSTCODEC - ok
11:57:49.0359 2040 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:57:49.0562 2040 wuauserv - ok
11:57:49.0593 2040 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:57:49.0656 2040 WudfPf - ok
11:57:49.0671 2040 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:57:49.0718 2040 WudfRd - ok
11:57:49.0734 2040 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:57:49.0765 2040 WudfSvc - ok
11:57:49.0812 2040 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:57:50.0078 2040 WZCSVC - ok
11:57:50.0125 2040 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:57:50.0328 2040 xmlprov - ok
11:57:50.0359 2040 ================ Scan global ===============================
11:57:50.0406 2040 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:57:50.0453 2040 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
11:57:50.0484 2040 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
11:57:50.0515 2040 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:57:50.0515 2040 [Global] - ok
11:57:50.0515 2040 ================ Scan MBR ==================================
11:57:50.0546 2040 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:57:50.0968 2040 \Device\Harddisk0\DR0 - ok
11:57:50.0968 2040 ================ Scan VBR ==================================
11:57:50.0968 2040 [ 66FCD2AD27841412EACD3D31CBA39653 ] \Device\Harddisk0\DR0\Partition1
11:57:50.0984 2040 \Device\Harddisk0\DR0\Partition1 - ok
11:57:51.0031 2040 [ B2423D7A2CDE6DDB7E7FACA375397B0E ] \Device\Harddisk0\DR0\Partition2
11:57:51.0046 2040 \Device\Harddisk0\DR0\Partition2 - ok
11:57:51.0046 2040 ============================================================
11:57:51.0046 2040 Scan finished
11:57:51.0046 2040 ============================================================
11:57:51.0156 0324 Detected object count: 1
11:57:51.0156 0324 Actual detected object count: 1
11:58:12.0921 0324 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
11:58:12.0921 0324 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
06.06.2013, 11:09
| #6 |
| /// Malware-holic | Tcbhn wurde beendet und geschlossen - Virus? Hi, Scan mit Combofix
__________________ --> Tcbhn wurde beendet und geschlossen - Virus? |
WARNUNG an die MITLESER: 
Linear-Darstellung
